Menu

Expand
Rate this page:

Challenge Resource

The Challenge resource is currently used by Verify Push and Verify TOTP features. It represents a single verification attempt of an Entity using a Factor. When the factor_type is push, a Challenge is created to verify the signature of the message sent from the registered device with the public key stored in the Factor. When the factor_type is totp, a Challenge is created to verify that the TOTP code provided by the user matches the one generated by the seed stored in the Factor. Some Challenge properties apply to all factor_types and others do not. A single Entity links to multiple Factors and a single Factor links to multiple Challenges.

Challenges and Billing


Verify Push

Consistent with overall Verify pricing, Verify Push is billed at a rate of $0.05 per verification. In technical terms, a Verify Push "verification" is defined as a Challenge of factor_type:push that is updated with a status of approved or denied.

Verify TOTP

Consistent with overall Verify pricing, Verify TOTP will be billed at a rate of $0.05 per verification. In technical terms, a Verify TOTP "verification" is defined as a Challenge of factor_type:totp that is updated with a status of approved.

Challenge properties

Resource Properties in REST API format
sid
sid<YC> Not PII

A 34 character string that uniquely identifies this Challenge.

account_sid
sid<AC> Not PII

The unique SID identifier of the Account.

service_sid
sid<VA> Not PII

The unique SID identifier of the Service.

entity_sid
sid<YE> Not PII

The unique SID identifier of the Entity.

identity

Customer unique identity for the Entity owner of the Challenge. This identifier should be immutable, not PII, length between 8 and 64 characters, and generated by your external system, such as your user's UUID, GUID, or SID. It can only contain dash (-) separated alphanumeric characters.

factor_sid
sid<YF> Not PII

The unique SID identifier of the Factor.

date_created
date_time<iso8601> Not PII

The date that this Challenge was created, given in ISO 8601 format.

date_updated
date_time<iso8601> Not PII

The date that this Challenge was updated, given in ISO 8601 format.

date_responded
date_time<iso8601> Not PII

The date that this Challenge was responded, given in ISO 8601 format.

expiration_date
date_time<iso8601> Not PII

The date-time when this Challenge expires, given in ISO 8601 format. The default value is five (5) minutes after Challenge creation. The max value is sixty (60) minutes after creation.

status
enum:challenge_statuses Not PII

The Status of this Challenge. One of pending, expired, approved or denied.

responded_reason
enum:challenge_reasons Not PII

Reason for the Challenge to be in certain status. One of none, not_needed or not_requested.

details

Details provided to give context about the Challenge. Intended to be shown to the end user.

hidden_details

Details provided to give context about the Challenge. Intended to be hidden from the end user. It must be a stringified JSON with only strings values eg. {"ip": "172.168.1.234"}

metadata

Custom metadata associated with the challenge. This is added by the Device/SDK directly to allow for the inclusion of device information. It must be a stringified JSON with only strings values eg. {"os": "Android"}. Can be up to 1024 characters in length.

factor_type
enum:factor_types Not PII

The Factor Type of this Challenge. Currently push and totp are supported.

url
url Not PII

The URL of this resource.

links
uri_map Not PII

Contains a dictionary of URL links to nested resources of this Challenge.

Create a Challenge resource

post
https://verify.twilio.com/v2/Services/{ServiceSid}/Entities/{Identity}/Challenges
Parameters
Parameters in REST API format
service_sid
Path
post sid<VA> Not PII

The unique SID identifier of the Service.

identity
Path
post string PII MTL: 30 DAYS

Customer unique identity for the Entity owner of the Challenge. This identifier should be immutable, not PII, length between 8 and 64 characters, and generated by your external system, such as your user's UUID, GUID, or SID. It can only contain dash (-) separated alphanumeric characters.

factor_sid
Required
post sid<YF> Not PII

The unique SID identifier of the Factor.

expiration_date
Optional
post date_time<iso8601> Not PII

The date-time when this Challenge expires, given in ISO 8601 format. The default value is five (5) minutes after Challenge creation. The max value is sixty (60) minutes after creation.

details.message
Optional
post string Not PII

Shown to the user when the push notification arrives. Required when factor_type is push. Can be up to 256 characters in length

details.fields
Optional
post object[] Not PII

A list of objects that describe the Fields included in the Challenge. Each object contains the label and value of the field, the label can be up to 36 characters in length and the value can be up to 128 characters in length. Used when factor_type is push. There can be up to 20 details fields.

hidden_details
Optional
post object PII MTL: 30 DAYS

Details provided to give context about the Challenge. Not shown to the end user. It must be a stringified JSON with only strings values eg. {"ip": "172.168.1.234"}. Can be up to 1024 characters in length

auth_payload
Optional
post string Not PII

Optional payload used to verify the Challenge upon creation. Only used with a Factor of type totp to carry the TOTP code that needs to be verified. For TOTP this value must be between 3 and 8 characters long.

Example 1
Loading Code Sample...
        
        

        Create Push Challenge

        Example 2
        Loading Code Sample...
              
              

              Create TOTP Challenge With AuthPayload

              Fetch a Challenge resource

              get
              https://verify.twilio.com/v2/Services/{ServiceSid}/Entities/{Identity}/Challenges/{Sid}
              Parameters
              Parameters in REST API format
              service_sid
              Path
              get sid<VA> Not PII

              The unique SID identifier of the Service.

              identity
              Path
              get string PII MTL: 30 DAYS

              Customer unique identity for the Entity owner of the Challenges. This identifier should be immutable, not PII, length between 8 and 64 characters, and generated by your external system, such as your user's UUID, GUID, or SID. It can only contain dash (-) separated alphanumeric characters.

              sid
              Path
              get sid<YC> Not PII

              A 34 character string that uniquely identifies this Challenge.

              Example 1
              Loading Code Sample...
                    
                    

                    Fetch Challenge

                    Read multiple Challenge resources

                    get
                    https://verify.twilio.com/v2/Services/{ServiceSid}/Entities/{Identity}/Challenges
                    Parameters
                    Parameters in REST API format
                    service_sid
                    Path
                    get sid<VA> Not PII

                    The unique SID identifier of the Service.

                    identity
                    Path
                    get string PII MTL: 30 DAYS

                    Customer unique identity for the Entity owner of the Challenge. This identifier should be immutable, not PII, length between 8 and 64 characters, and generated by your external system, such as your user's UUID, GUID, or SID. It can only contain dash (-) separated alphanumeric characters.

                    factor_sid
                    Optional
                    get sid<YF> Not PII

                    The unique SID identifier of the Factor.

                    status
                    Optional
                    get ienum:challenge_statuses Not PII

                    The Status of the Challenges to fetch. One of pending, expired, approved or denied.

                    order
                    Optional
                    get ienum:list_orders Not PII

                    The desired sort order of the Challenges list. One of asc or desc for ascending and descending respectively. Defaults to asc.

                    Example 1
                    Loading Code Sample...
                          
                          

                          Read Challenge

                          Update a Challenge resource

                          post
                          https://verify.twilio.com/v2/Services/{ServiceSid}/Entities/{Identity}/Challenges/{Sid}
                          Parameters
                          Parameters in REST API format
                          service_sid
                          Path
                          post sid<VA> Not PII

                          The unique SID identifier of the Service.

                          identity
                          Path
                          post string PII MTL: 30 DAYS

                          Customer unique identity for the Entity owner of the Challenge. This identifier should be immutable, not PII, length between 8 and 64 characters, and generated by your external system, such as your user's UUID, GUID, or SID. It can only contain dash (-) separated alphanumeric characters.

                          sid
                          Path
                          post sid<YC> Not PII

                          A 34 character string that uniquely identifies this Challenge.

                          auth_payload
                          Optional
                          post string Not PII

                          The optional payload needed to verify the Challenge. E.g., a TOTP would use the numeric code. For TOTP this value must be between 3 and 8 characters long. For Push this value can be up to 5456 characters in length

                          metadata
                          Optional
                          post object PII MTL: 30 DAYS

                          Custom metadata associated with the challenge. This is added by the Device/SDK directly to allow for the inclusion of device information. It must be a stringified JSON with only strings values eg. {"os": "Android"}. Can be up to 1024 characters in length.

                          Example 1
                          Loading Code Sample...
                                
                                

                                Update Challenge

                                Rate this page:

                                Need some help?

                                We all do sometimes; code is hard. Get help now from our support team, or lean on the wisdom of the crowd by visiting Twilio's Stack Overflow Collective or browsing the Twilio tag on Stack Overflow.

                                Loading Code Sample...
                                      
                                      
                                      

                                      Thank you for your feedback!

                                      Please select the reason(s) for your feedback. The additional information you provide helps us improve our documentation:

                                      Sending your feedback...
                                      🎉 Thank you for your feedback!
                                      Something went wrong. Please try again.

                                      Thanks for your feedback!

                                      thanks-feedback-gif